Skip to main content

Unified Computing System Central Software CVE-2015-0701

CRITICAL
Improper Input Validation (CWE-20)
2015-05-07 psirt@cisco.com
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
May 07, 2015 - 01:59 cve.org
CRITICAL 10.0

DescriptionCVE.org

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

AnalysisAI

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. Affected products include: Cisco Unified Computing System Central Software. Version information: before 1.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-1352 CRITICAL
9.8 Apr 14

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary O

CVE-2018-0113 HIGH
8.8 Feb 08

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute ar

CVE-2018-0094 HIGH
7.5 Jan 18

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote

CVE-2014-0730 MEDIUM
6.8 Feb 22

Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI co

CVE-2016-1401 MEDIUM
6.1 May 21

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Sof

CVE-2017-12349 MEDIUM
5.4 Nov 30

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attack

CVE-2017-12348 MEDIUM
5.4 Nov 30

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attack

CVE-2015-6388 MEDIUM
5.0 Dec 05

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request fo

CVE-2015-4286 MEDIUM
5.0 Jul 29

The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted

CVE-2015-6387 MEDIUM
4.3 Dec 05

Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote

CVE-2021-1354 LOW
3.5 Feb 04

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could a

Share

CVE-2015-0701 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy